
Microsoft Azure AD: the six critical recovery issues

A complete backup and recovery capability for Active Directory (AD) is essential for any organization today. After all, no one is safe from data breaches or human error. If your customer moves to a cloud-based or hybrid environment, you cannot simply assume that Azure AD offers the same backup and recovery functions as on-premises AD; a number of challenges can arise. This article describes six critical issues that matter when recovering objects in Microsoft Azure AD.

An on-premises disaster recovery plan alone is not enough

A solid on-premises disaster recovery plan is still necessary, but it is no longer enough, because many organizations increasingly rely on:

  • Cloud-only attributes
  • Office 365 Groups
  • Azure AD groups
  • Azure B2B / B2C accounts
  • Other features of the hybrid AD environment to improve the user experience

Many organizations rely on Azure AD Connect for synchronization from on-premises AD to Azure AD. But this one-way sync causes a coverage gap in their disaster recovery strategy because the on-premises backup and recovery tool doesn't cover the above points.

Six critical issues of Azure AD

The moment your customer switches to a cloud-based (hybrid) environment, you may encounter challenges with the backup and recovery of Azure AD. Below, we discuss six critical issues to keep in mind when recovering objects in Microsoft Azure AD.

  1. Some objects cannot be recovered

Certain objects, including Azure AD groups and group memberships, are not moved to the Recycle Bin when they are deleted. As a result, they cannot be restored with the standard Microsoft tooling. In addition, even items that would normally go into the Recycle Bin (such as Azure AD users) can be hard deleted. This means that they bypass the Recycle Bin and therefore cannot be recovered with the tooling that Microsoft includes as standard.

  2. You can only recover recently deleted objects

In the Azure AD Recycle Bin, deleted objects are kept for a maximum of 30 days. This limit cannot be increased. Microsoft does not back up data or provide recovery options beyond the 30-day period.

  3. You cannot restore specific attributes

There is no way to restore specific attributes that have changed on a user object. Examples include assigned licenses, cloud applications assigned to the user (Salesforce, Box, etc.), and internally developed applications that are linked in Azure AD.

  4. You cannot perform a bulk restore without PowerShell

There is no easy way to restore multiple users and attributes at once without using PowerShell.

  5. It's hard to figure out what to fix

You need to know which users or groups have been deleted to restore them, but there is no Azure AD change log or comparison report to help you determine which Azure AD objects have been changed or deleted.
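The two preceding points (no bulk restore without PowerShell, and no report of what was deleted) can be worked around for soft-deleted users with a short script. The following is an added example, not code from the article or from Quest; it assumes the Microsoft Graph PowerShell SDK is installed and the signed-in account holds the Directory.ReadWrite.All permission. It only reaches objects that are still in the Recycle Bin: hard-deleted users, plain Azure AD security groups and anything older than 30 days will not appear.

```powershell
# Added example (not from the original article). Assumes the Microsoft Graph
# PowerShell SDK is installed and the signed-in account has Directory.ReadWrite.All.
Connect-MgGraph -Scopes "Directory.ReadWrite.All" -NoWelcome

# 1. Inventory what is still recoverable and how long each item has left before
#    the 30-day Recycle Bin limit purges it. This stands in for the missing
#    "what was deleted" report.
$deleted = Get-MgDirectoryDeletedItemAsUser -All -Property Id,DisplayName,UserPrincipalName,DeletedDateTime
$report = $deleted | ForEach-Object {
    $age = ((Get-Date).ToUniversalTime() - $_.DeletedDateTime.ToUniversalTime()).TotalDays
    [pscustomobject]@{
        Id                = $_.Id
        DisplayName       = $_.DisplayName
        UserPrincipalName = $_.UserPrincipalName
        DeletedDateTime   = $_.DeletedDateTime
        DaysUntilPurge    = [math]::Max(0, 30 - [int][math]::Ceiling($age))
    }
}
$report | Sort-Object DaysUntilPurge | Format-Table -AutoSize

# 2. Bulk restore from a list of UPNs. The list below is a constructed sample;
#    replace it with the accounts you actually need back.
$toRestore = @('alice@contoso.example', 'bob@contoso.example')
foreach ($upn in $toRestore) {
    # Suffix match tolerates the object-id prefix that soft deletion adds to the UPN.
    $match = $report | Where-Object { $_.UserPrincipalName -like "*$upn" } | Select-Object -First 1
    if (-not $match) {
        Write-Warning "$upn is not in the Recycle Bin (never deleted, hard-deleted, or past 30 days); Graph cannot restore it."
        continue
    }
    try {
        Restore-MgDirectoryDeletedItem -DirectoryObjectId $match.Id -ErrorAction Stop | Out-Null
        Write-Host "Restored $upn ($($match.DaysUntilPurge) day(s) were left before purge)"
    } catch {
        Write-Warning "Restore failed for ${upn}: $($_.Exception.Message)"
    }
}
```

Restoring a user this way brings back the object and its group memberships that survived in the Recycle Bin, but not attribute changes made before deletion (point 3 above).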

  6. You cannot restore objects across tenants

Microsoft Azure AD does not support cross-tenant backup or recovery. For example, Microsoft's tooling does not offer the option to "restore" a user to another tenant.

Personal contact

Do you want to know more about the current backup and recovery issues and tools, the importance of Azure AD recovery and the solution to close gaps? Then request the whitepaper we wrote about the importance of a recovery solution for your customers. Do you want to know more about Microsoft Azure AD? Please contact us via our e-mail address software.belgium@copaco.com or via telephone number +32 (0)53 28 11 07.

By:

Team QUEST Software

Microsoft Azure AD experts

 +32 (0)53 28 11 07
quest.belgium@copaco.com